After moving AC to a different device and installing IDP and AG behind an L/B with an SSL accelerator, IDP and AG encountered an SSL handshake failure.
Access Manager (NAM)
Access Manager 4.5.1
Red Hat Enterprise Linux 7.7
A customer restored the primary AC to another machine with an exact hostname and IP address and installed an IDP and an AG to different devices behind an L/B with an SSL accelerator.
Those used self-signed certificates.
When ESP tried to connect IDP, IDP could not authenticate with a 100101044 error. ESP logged a similar message in a 'catalina.out' file.
<amLogEntry> 2022-12-21T08:29:32Z DEBUG NIDS Application: Method: URLUtil.connectToURL Thread: ajp-nio-127.0.0.1-9009-exec-4 Error connecting to URL Untrusted Certificate-chain </amLogEntry> <amLogEntry> 2022-12-21T08:29:32Z WARNING NIDS Application: SSL Exception encountered: Untrusted Certificate-chain. The connection attempt was made using protocol version:TLS </amLogEntry>
A tcpdump captured the following message.
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
Reimport the trusted roots for IDP and AG.